Latest Stories

Security Issues

With 2012 just around the corner, the JofA gathered the
three technology keynote speakers from the AICPA’s 2011 Practitioners
Symposium/TECH+ Conference to talk about tech trends heading into the
new year. The nearly 90-minute conversation covered a wide range of
technical issues critical to all CPAs.

The JofA is presenting the online version of
the conversation in 10 installments released over a nearly two-month
span. Each part focuses on one major topic and features audio clips
from the conversation. Part eight outlines how products, procedures
and portals can boost the protection of sensitive client data.

Collins: Let’s focus on security for just a moment.
Security continues to rank high in the minds of many CPAs, and most
CPAs are running anti-virus software. They have their firewall
devices up and running. They enforce password logins everywhere. But
yet, they’re still sending their email across the Internet naked and
wide open to the public. Randy, what’s the best way for CPAs to lock
down their email from prying eyes, and can you recommend a few
specific products?

Johnston: You know, Carlton, I’ll respond to that
with three products today that I think are reasonable choices.
Probably the most popular one is ZixCorp out of Dallas. They’re
certified for use by the FDIC in the banking industry. Another one
that I’ve liked is a product called the Secured-Accountant. And a
third one that is good is CPA SafeMail. So there (are) three examples,
but let’s give you one more. We can do something a little more
complex, like use the secure email on PGP, but that’s more clumsy.
We’ve got to have a product that is simple to use not only for the
CPAs themselves, but the recipients of these, whether they’re clients
from the CPA firm or customers from an industry business. So using
encrypted email is really critical, particularly if you can’t get
clients to use secure portals.

Collins: OK, thank you, Randy. Rick, in your opinion,
what’s the biggest security threat out there for CPAs? What should
they be concerned with, and what can they do about it?

Richardson: I think probably—I want to go back to
that secure portals comment of Randy’s, because I think a lot of CPAs
still think that they can use email as a method of, even if it is
secured, client communication, when they should be thinking far more
about the ability to have a secure portal and that their clients begin
using that secure portal for both upload and download of sensitive information.

In terms of exposure, I really think the issue’s going to come down
to somebody either losing or having a competitive advantage lost as a
result of a competitor obtaining data that a CPA just didn’t properly
husband. And when that happens … a lot of people within the profession
are going to say, “Gee, we really need to be far more articulate about
how important (the) trustworthiness of this data becomes.”

And again, coming back to the portal, it provides not only a
solution for the storage side of life, if you tie it into a cloud
service, but provides that secure service in terms of its encryption
up and down the communications channel.

Collins: OK, thank you, Rick. Dave, talk to us about
laptops for a moment. Which encryption solution do you recommend for
encrypting a hard drive on a laptop?

Cieslak: Great question, Carlton. Honestly, I look
at—I say that every business machine today quite honestly should be
running Windows 7. We look at Windows 7 as an operating system, so if
you—I should maybe couch that and say, if you’re running Windows, then
Windows 7 should definitely be the product that you—the version that
you should be running. And it’s got its own built-in drive encryption
technology. And so it’s important to Microsoft that the data be secure
on the system, so they’ve got their BitLocker product, and so that’s
going to support not only the hard drive, the built-in hard drive, but
it even also now supports removable data with their BitLocker to Go.
So we like and we use the Windows 7 BitLocker. But if you’re looking
for maybe a free open-source solution, we’ve got a number of clients
using and very happy with the TrueCrypt product. So that’s free, it’s
open-source, and it’s going to support Windows. It’s going to work
actually in a variety of environments, so we really like that as a
good encryption tool as well.

And then, finally, what I would tell you is that some of the new
drives themselves that we’re seeing are actually self-encrypting or
hardware encrypting. And so if you’ve got that opportunity, you’ve got
that option, that may very well be something you’d want to consider
directly as well. That way, you’re not experiencing some of the
overhead, some of the drag on the hardware, because the hard drive
itself is taking over that task for you.

TAX NEWS

President Barack Obama signed legislation that retroactively extended more than 50 expired tax provisions for 2014, allowing taxpayers to take advantage of a host of tax incentives during this filing season.

A weekly snapshot of global accounting with news from the Journal of Accountancy and other leading accounting publications. It includes summaries of what matters to you, written by expert editors to save you time and keep you informed and prepared.